glassfish
  1. glassfish
  2. GLASSFISH-6935

[UB] No optional client authentication available in HTTPS connector

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 9.0pe
    • Fix Version/s: 3.1.2
    • Component/s: docs
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      6,935

      Description

      Actually it's only possible to create a HTTPS connector with client
      authentication disable or required. Usually, the client authentication of a
      HTTPS connector can be configured in 3 ways, none, optional, or required.

      The optional mode is very useful with SSO softwares, like OpenSSO and it's very
      annoying it's not possible to do that with Glassfish.

        Activity

        Hide
        Mike Fitch added a comment -

        Closing resolved issue.

        Show
        Mike Fitch added a comment - Closing resolved issue.
        Hide
        Mike Fitch added a comment -

        This issue was fixed in 3.1.2. See "To Configure Optional Client Authentication for SSL" at (http://docs.oracle.com/cd/E26576_01/doc.312/e24928/http_https.htm#CHDEDCEA).

        Show
        Mike Fitch added a comment - This issue was fixed in 3.1.2. See "To Configure Optional Client Authentication for SSL" at ( http://docs.oracle.com/cd/E26576_01/doc.312/e24928/http_https.htm#CHDEDCEA ).
        Hide
        Mike Fitch added a comment -

        Pushing to 3.2. The ssl element does have the client-auth attribute, but there doesn't seem to be an ssl-implementation attribute.

        Show
        Mike Fitch added a comment - Pushing to 3.2. The ssl element does have the client-auth attribute, but there doesn't seem to be an ssl-implementation attribute.
        Hide
        schmidt75 added a comment -

        Does this fix work in GlassFish v3.1 b37?

        Ssl accepts client-auth="want", but has no effect for me in GlassFish v3.1 b37 (packaged with Netbeans 7.0 beta nightly build).
        The certificate doesn't get requested in the browser.

        Alternatively, adding <property name="com.sun.grizzly.ssl.auth" value="want"/> to http-listener seems to have no effect either
        (as described here: http://blogs.sun.com/kalpana/entry/client_auth_requested_in_glassfish)

        Show
        schmidt75 added a comment - Does this fix work in GlassFish v3.1 b37? Ssl accepts client-auth="want", but has no effect for me in GlassFish v3.1 b37 (packaged with Netbeans 7.0 beta nightly build). The certificate doesn't get requested in the browser. Alternatively, adding <property name="com.sun.grizzly.ssl.auth" value="want"/> to http-listener seems to have no effect either (as described here: http://blogs.sun.com/kalpana/entry/client_auth_requested_in_glassfish )
        Hide
        Mike Fitch added a comment -

        Adding [UB] to summary as this will be documented in Unbundled Documentation.

        Show
        Mike Fitch added a comment - Adding [UB] to summary as this will be documented in Unbundled Documentation.

          People

          • Assignee:
            Mike Fitch
            Reporter:
            asyd
          • Votes:
            4 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: